Shedding Light Into the Darknet: Scanning Characterization and Detection of Temporal Changes

Network telescopes provide a unique window into Internet-wide malicious activities associated with malware propagation, denial of service attacks, network reconnaissance, and others. Analyses of this telescope data can highlight ongoing malicious events in the Internet which can be used to prevent or mitigate cyber-threats in real-time. However, large telescopes observe millions of events on a daily basis which renders the task of transforming this knowledge to meaningful insights challenging. In order to address this, we present a novel framework for characterizing Internet's background radiation and for tracking its temporal evolution. The proposed framework: (i) Extracts a high dimensional representation of telescope scanners composed of features distilled from telescope data and learns an information-preserving low-dimensional representation of these events that is amenable to clustering; (ii) Performs clustering of resulting representation space to characterize the scanners and (iii) Utilizes the clustering outcomes as "signatures" to detect temporal changes in the network telescope.

Files

Metadata

Work Title Shedding Light Into the Darknet: Scanning Characterization and Detection of Temporal Changes
Access
Open Access
Creators
  1. Rupesh Prajapati
  2. Vasant Honavar
  3. Dinghao Wu
  4. John Yen
  5. Michalis Kallitsis
License In Copyright (Rights Reserved)
Work Type Conference Proceeding
Publication Date December 3, 2021
Publisher Identifier (DOI)
  1. https://doi.org/10.1145/3485983.3493347
Source
  1. CoNEXT '21: Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies, December 2021
Deposited July 22, 2022

Versions

Analytics

Collections

This resource is currently not in any collection.

Work History

Version 1
published

  • Created
  • Added Darknet_poster__CoNEXT_2021-1.pdf
  • Added Creator Rupesh Prajapati
  • Added Creator Vasant Honavar
  • Added Creator Dinghao Wu
  • Added Creator John Yen
  • Added Creator Michalis Kallitsis
  • Published
  • Updated Source, Publisher, Publisher Identifier (DOI), and 1 more Show Changes
    Source
    • Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies
    • CoNEXT '21: Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies, December 2021
    Publisher
    • ACM
    Publisher Identifier (DOI)
    • 10.1145/3485983.3493347
    • https://doi.org/10.1145/3485983.3493347
    Publication Date
    • 2021-12-02
    • 2021-12-03
  • Updated